CVE-2023-53020
MEDIUM EPSS 3.0%
Published Mar 27, 20251y ago · Modified Jun 17, 20261w ago
4.7 CVSS 3.1
Published Mar 27, 2025 1y ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: l2tp: close all race conditions in l2tp_tunnel_register() The code in l2tp_tunnel_register() is racy in several ways: 1. It modifies the tunnel socket _after_ publishing it. 2. It calls setup_udp_tunnel_sock() on an existing socket without locking. 3. It changes sock lock class on fly, which triggers many syzbot reports. This patch amends all of them by moving socket initialization code before publishing and under sock lock. As suggested by Jakub, the l2tp lockdep class is not necessary as we can just switch to bh_lock_sock_nested().
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
3.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-362
Affected Products 7
References 4
- git.kernel.org https://git.kernel.org/stable/c/0b2c59720e65885a394a017d0cf9cab118914682
- git.kernel.org https://git.kernel.org/stable/c/2d77e5c0ad79004b5ef901895437e9cce6dfcc7e
- git.kernel.org https://git.kernel.org/stable/c/77e8ed776cdb1a24b2aab8fe7c6f1f154235e1ce
- git.kernel.org https://git.kernel.org/stable/c/cef0845b6dcfa2f6c2c832e7f9622551456c741d
Remediation
- git.kernel.org https://git.kernel.org/stable/c/0b2c59720e65885a394a017d0cf9cab118914682
- git.kernel.org https://git.kernel.org/stable/c/2d77e5c0ad79004b5ef901895437e9cce6dfcc7e
- git.kernel.org https://git.kernel.org/stable/c/77e8ed776cdb1a24b2aab8fe7c6f1f154235e1ce
- git.kernel.org https://git.kernel.org/stable/c/cef0845b6dcfa2f6c2c832e7f9622551456c741d